Bug 1318853

Summary: [RFE]virt-viewer: https proxy for spice not implemented yet
Product: Red Hat Enterprise Linux 8 Reporter: David Jaša <djasa>
Component: virt-viewerAssignee: Virt Viewer Maint <virt-viewer-maint>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: bsanford, cfergeau, dblechte, juzhou, lsurette, mtessun, mzhan, pablo.iranzo, rbalakri, rh-spice-bugs, spice-qe-bugs, srevivo, tpelka, tzheng, xiaodwan
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1318850 Environment:
Last Closed: 2020-07-13 15:36:45 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Spice RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1051149, 1318850, 1318857    
Bug Blocks:    

Description David Jaša 2016-03-18 02:03:12 UTC 
+++ This bug was initially created as a clone of Bug #1318850 +++

Description of problem:
RFE bug 1051149 has two part - authentication, which was verified successfully and https which was not tested and doesn't work.

Version-Release number of selected component (if applicable):
RHEL 7.2: spice-gtk3-0.26-5.el7.x86_64
RHEV 3.6: mingw-virt-viewer-2.0-8
RHEL 6.6: spice-gtk-0.26-7.el6.x86_64   // for sake of completeness

How reproducible:
always

Steps to Reproduce:
1. have CA cert and server cert/key pair, add this line to squid.conf in addition to "http_port ..." line:
https_port 3129 key=/path/to/pem_key cert=/path/to/pem_cert
2. set SPICE_PROXY env var to https://name_in_certificate_Subject_CN/:
  * windows cmd: set SPICE_PROXY=...
  * linux shel: export SPICE_PROXY=... (or SPICE_PROXY=... remote-viewer ...)
3. add CA cert to system-wide trust store in the client:
  * windows: Trusted Root Authorities in certmgr.msc (per-user) or mmc (system)
  * linux: using update-certificates(8) or trust(1)
4. connect to the VM through proxy

Actual results:
error dialog with "Unacceptable TLS certificate" message pops up

Expected results:
connection through proxy is established

Additional info:
Comment 1 Yaniv Kaul 2016-05-08 10:48:15 UTC 
Looks like a missing feature to me.
Comment 2 Yaniv Lavi 2016-05-09 10:57:23 UTC 
oVirt 4.0 Alpha has been released, moving to oVirt 4.0 Beta target.
Comment 6 Pavel Grunt 2016-06-21 07:23:56 UTC 
According to the discussion in the original bug 1318850 ( https://bugzilla.redhat.com/show_bug.cgi?id=1318850#c21 ) it requires more investigation and new api in glib. It is not a regression (I agree with the comment 1 that it is a feature), we don't have the solution upstream -> moving